start of a certbot role, but don't use it yet.
Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
This commit is contained in:
parent
f4a609d445
commit
1213c5e6a7
1 changed files with 15 additions and 0 deletions
|
|
@ -19,4 +19,19 @@ To use it:
|
|||
/srv/web/acme-challenge/ -d YOURINSTANCE.fedorainfracloud.org
|
||||
setenforce 1
|
||||
|
||||
3) Add your SSL VirtualHost. An Ansible template with something like this
|
||||
should possibly work:
|
||||
|
||||
<VirtualHost {{public_ip}}:443 _default_:443>
|
||||
ServerName YOURINSTANCE.fedorainfracloud.org
|
||||
|
||||
SSLEngine on
|
||||
SSLCertificateFile /etc/letsencrypt/live/YOURINSTANCE.fedorainfracloud.org/cert.pem
|
||||
SSLCertificateKeyFile /etc/letsencrypt/live/YOURINSTANCE.fedorainfracloud.org/privkey.pem
|
||||
SSLCertificateChainFile /etc/letsencrypt/live/YOURINSTANCE.fedorainfracloud.org/fullchain.pem
|
||||
SSLHonorCipherOrder On
|
||||
SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
|
||||
SSLProtocol ALL -SSLv2
|
||||
|
||||
<!-- Your actual config goes here! -->
|
||||
</VirtualHost>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue